Friday, January 28, 2005

Which OS?

I used to have about 10 computers at home. It was a combination of 2 Pentium 4 machines, 3 Intel notebooks, 1 Sun Cobalt, 1 Ultra 5, 1 AMD Duron machine, 1 Powerbook G4 and 1 Pentium II box.
Well, I'm not trying to show off here, and anyway I have removed most of them. Currently I have 'only' an IBM T42 notebook, 1 P4 machine, a Powerbook G4, a Sun Blade 100 and the Pentium II box.

Why should I have more than 1 machine?
Because I used to search for immortality, hunted down the uncertainty, and tried to stay at bleeding-edge technology by installing several OSes on different machines and testing them.

And what's the conclusion?
For normal desktop, office work and multimedia, I believe Mac OS X is the best. Panther has a very beautiful Aqua interface and at the same time offers a BSD console, so it won't stop me installing tcpdump, snort, hping and all the tools I need to run every time I get bored.
My Powerbook stays as the multimedia center until I get the cute-looking Mac mini.
So this is the OS that I would give to my wife and kid. Beauty and virus-free.

For security stuff, including wireless, I decided to install Gentoo dual-boot with WinXP on my IBM. Hey, the XP comes with my T42, so I keep it to make sure I get the OS that I (had to) purchase with the notebook. Micro$oft still gets my money anyway, so why should I throw their OS away?
And most of my customers are still running Windows, so I still need this OS to check particular client software or for WPA configuration testing, for example.
I made a 2G FAT partition so I can share files between the OSes. Yes, guys, I know that the current kernel can even support read-write NTFS partitions. Just as a precaution.

Gentoo is good for keeping me at the bleeding edge. I have two main purposes with Gentoo: penetration testing tools (including wireless wardriving stuff) and intrusion detection analysis. Later, when my skill is appropriate, I want to use it for forensics as well.
Meanwhile I keep my Blade running Snort IDS to monitor my small network, and at the same time it acts as a place to compile necessary testing exploits.

How about *BSD? Well, I use OpenBSD as a firewall to protect my personal lab. I love PF very much and this powerful OS can live on my Pentium II machine. Try to run XP on that machine!

Personally I love Debian as well. I have been using Woody and one of the Sarge-based distros, Xandros, for about a year without any complaints. I like knoppix-std too. A Live CD is a good concept for distributing security tools knowledge without installing the OS.
My brain is limited, so I have to focus. I decided to stick with Gentoo. Especially since Gentoo allows me to build the system (almost) from scratch. Btw, I have tried Linux From Scratch as well :)

Is it enough? Unfortunately no.
Corporate customers still stick with big-name and stable vendors. Here come Sun Solaris and Red Hat Enterprise Linux. That's why I still have one machine running Fedora and am currently downloading Sun Solaris 10 iso CDs. Sigh...

But that's the beauty of life. Everything is so different. Diversity.
And one thing for sure: open-source is bliss.

Thursday, January 27, 2005

About Certifications

Anyone who knows me always asks the same questions: why do you have so many certifications? Aren't you tired of studying all the time? Do you think it's worth the effort and time you spent?

Well, I don't exactly have the answer.. I have so many certifications because they help me learn something new, yes I'm tired of studying all the time but this is the life I chose, and I believe all my certifications are worth my effort since they made me what I am today.
But to explain more, I need to reveal one little secret of mine:
I don't have any background in computer field.
I don't have any computer science degree.
My university degree is .. Mechanical Engineering!
I know it's not uncommon. Many people who work in Information Technology come from different backgrounds.

So, consider my situation 6 years ago. I graduated from Mechanical Engineering, but I had a passion to work in Internet Security. At that time I knew only a bit of system administration tasks in RedHat Linux.
To learn more about computers at that time I decided to pursue MCSE Windows NT Server.
I was amazed by the domain concept, client-server relationships, trusting domains, DNS and all the things I learned in my quick-and-cheap 12-day MCSE class.
I started taking the exams: MCP Win NT server, NT workstation, Networking essential...
Until one shiny Sunday morning when two of my friends visited me and discussed a new networking class from Cisco named CCNA. I was really interested so I decided to dump MCSE and take the CCNA class.
It was 10 magic days for me. I learned routing, switching, frame-relay and all the CCNA stuff. By the end of the training, I took the exam and became the first attendant of the class who passed.

Well, life became easier after I passed CCNA (hey, remember it was early 2000!). One multi-national oil company offered me my first job in IT. This is the same company that refused my application when I applied as a Mechanical Engineer 6 months before!
I spent my 3-month probation period finishing the second Cisco certification step: CCNP. Heck, this company has more than 150 routers running EIGRP, BGP, Frame-Relay, ISDN. All that I needed to pass my CCNP. After 9 months in the company, I already possessed CCNP, CCDP and the CCIE qualification test. All without any training from the company. Only by reading the material and practicing.

Still don't believe certifications can help for your future? Continue reading..

One day a technical manager from IBM Global Services came to me and offered me a job. He promised that IBM would send me to the CCIE Lab anywhere in the world at any cost as long as I could pass my CCIE in a maximum of 2 attempts. But if I failed, they would kick me out. Well, it sounded like a very interesting offer to me. So I joined them immediately.

IBM is the best place to work. The working culture is excellent, people are really polite, and Human Resources personnel are helpful. As promised, IBM sent me to the CCIE Lab with a first class flight. I passed my CCIE Lab in Tokyo, Japan. It was my second attempt. My first attempt was in Brussels, Belgium, where I failed on my second day. At that time CCIE was still a 2-day lab exam.

So, I was a CCIE already and I worked in the best place to work. What else?
Well, I realized at that time my interest was still Internet Security. So I decided to learn about firewalls. And what is the easy way to learn and make money at the same time? Take the Checkpoint CCSE certification. The exam made me study firewall and security concepts. At the same time I helped my company since we sold Checkpoint Firewall products, and being certified guaranteed our services to the customers.

After CCIE, life was completely different. I used to receive job offers every several days. Eight months after I passed my CCIE, I decided to leave IBM and move to an IT company in the Middle East. The job is challenging; they have a completely different culture and at the same time the region is willing to grow to catch up with the technology. Cisco is the main player in Networking, Security, Wireless and IP Telephony.
So to secure my job and learn more about security I took the Cisco security CCSP certification.
At that moment, I realized that I have to focus on the field that I am really interested in. I learned more deeply about Unix by taking Sun certifications, understood more about wireless security using Planet3 CWSP, took Ethical Hacker to learn tools for penetration testing, learned how to design and assess perimeter networks using SANS Institute GCFW, and the latest certification I took was (ISC)2 CISSP to learn about security management and stuff.

As a consultant who deals with corporate customers, I can see that it's easier to convince them with all those certification titles behind my name. Well, definitely this is only one of the reasons. Nothing can beat real experience, good personality and a friendly approach.

So... in summary, IT professional certifications are good for me for the following reasons:
1. Learn new stuff
2. Secure the job, and to get better job :)
3. To measure how deep I have learned about something

I know most people can survive without certifications. But hey, this is the easiest way.. don't you think so?

Friday, January 21, 2005

Gentoo Sex

While bootstrapping my Blade, I found an article on how to fly with Gentoo.

The article is good, but it's the quote at the end that's killing me:
gentoo sex is updatedb; locate; talk; date; cd; strip; look; touch; finger; unzip; uptime; gawk; head; emerge --oneshot condom; mount; fsck; gasp; more; yes; yes; yes; more; umount; emerge -C condom; make clean; sleep

Heheh, I'm still trying to imagine the act.. drrrrrrrrrr!

Gentoo, everyone...?

I used to be a Red Hat user.
It all started when I was still in my university.
I had a hardcore-linux friend who taught me there is another OS than Micro$oft Window$.
Thanks to him, I spent my 50 bucks monthly living cost to purchase "Red Hat 4.2 Unleashed" book. Hey, back there in my country 50 bucks is more than enough for a student to live and still have fun.

Anyway, a few months ago I decided to move to Gentoo.
Red Hat no longer exists, leaving its users like me with no choice: migrate to Fedora, or join Enterprise territory.
I chose to abandon them completely. No offense to the community who shed their blood to continue developing Fedora, but the idea of providing free software at the beginning and then starting to charge after people get used to it doesn't make sense to me at all.

So here I am now, staring at two monitors: a 21-inch HP P1110 connected to the Sun Blade 100, and the 14-inch IBM T42 LCD display.
I'm doing a Stage 1 installation on my Sun, and emerge -u world on my IBM. I keep the Window$ XP and IBM partition on my T42 though, just in case.

Some people say Gentoo is difficult to install. Well, I guess they are wrong. The Gentoo community has put a lot of effort into making the Gentoo Installation Handbook. Use it. RTFM. Google is your friend.

This is not my first installation. Perhaps my 7th.. or 8th? Gentoo's power lies in its Portage. Once I get the system up and running, I don't need to worry about how to install new packages or upgrade my system. Just type the magic word: emerge.
Curious? Read the Gentoo Portage Introduction.
So what are you waiting for? Go to www.gentoo.org now and start reading the story of Larry the Cow. Enjoy.

Sunday, January 09, 2005

0-day

Hi, my name is Himawan.
I'm not an expert. Not yet.
I'm just another guy working in the networking and security field in UAE.
It's a small country in the Middle East.
Google keyword: burj al arab.

During my experience working in the IT field, I have acquired several professional certifications:
Cisco CCIE (#8171), CISSP, SANS GCFW, Planet3 CWSP, Cisco CCSP, EC-Council CEH, Sun SCSA/SCNA, and Checkpoint CCSE.
But none of those certifications is important.
I'm just a student. And my subject is the Internet.
And I have to keep learning...